Weekly Vulnerabilities Reports > September 17 to 23, 2001
Overview
68 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary report vulnerabilities in 65 products from 46 vendors including Microsoft, Freebsd, SUN, Netwin, and Maxum Development Corporation. Vulnerabilities are notably categorized as "Memory Leak", and "Improper Input Validation".
- 51 reported vulnerabilities are remotely exploitables.
- 68 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 11 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
2 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-09-20 | CVE-2001-0552 | HP IBM | ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. | 10.0 |
2001-09-18 | CVE-2001-0961 | John E Davis | Buffer Overflow vulnerability in John E. Davis MOST Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most. | 10.0 |
23 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-09-21 | CVE-2001-0940 | Checkpoint | Unspecified vulnerability in Checkpoint Firewall-1 4.0/4.1 Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name. | 7.5 |
2001-09-20 | CVE-2001-0964 | Valve Software | Remote Security vulnerability in Half-Life Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. | 7.5 |
2001-09-20 | CVE-2001-0963 | PI Soft | Directory Traversal vulnerability in Pi-Soft Spoonftp 1.1 Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... | 7.5 |
2001-09-20 | CVE-2001-0704 | Arcadia | Unspecified vulnerability in Arcadia Internet Store 1.0 tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist. | 7.5 |
2001-09-20 | CVE-2001-0702 | Grant Averett | Buffer Overflow DoS vulnerability in Cerberus FTP Server Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command. | 7.5 |
2001-09-20 | CVE-2001-0700 | W3M | Buffer Overflow vulnerability in W3M Malformed MIME Header Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header. | 7.5 |
2001-09-20 | CVE-2001-0694 | Texas Imperial Software | Directory Traversal vulnerability in Texas Imperial Software Wftpd 3.00R5 Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command. | 7.5 |
2001-09-20 | CVE-2001-0692 | Watchguard | Unspecified vulnerability in Watchguard Firebox 2500 and Firebox 4500 SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes. | 7.5 |
2001-09-20 | CVE-2001-0690 | University OF Cambridge Conectiva Debian Redhat | Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. | 7.5 |
2001-09-20 | CVE-2001-0689 | Trend Micro | Denial-Of-Service vulnerability in Trend Micro Virus Control System 1.8 Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program. | 7.5 |
2001-09-20 | CVE-2001-0668 | HP | Buffer Overflow vulnerability in HP HP-UX Line Printer Daemon Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands. | 7.5 |
2001-09-20 | CVE-2001-0658 | Microsoft | Cross-Site Scripting vulnerability in Microsoft ISA Server 2000 Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. | 7.5 |
2001-09-20 | CVE-2001-0645 | Axent | Remote Security vulnerability in Axent Netprowler 3.5/3.5.1 Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password. | 7.5 |
2001-09-20 | CVE-2001-0644 | Maxum Development Corporation | Unspecified vulnerability in Maxum Development Corporation Rumpus FTP Server 1.3.2/1.3.3/1.3.4 Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. | 7.5 |
2001-09-20 | CVE-2001-0636 | Raytheon | Unspecified vulnerability in Raytheon Silentrunner 2.0/2.0.1 Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. | 7.5 |
2001-09-20 | CVE-2001-0541 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows Media Player .NSC File Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file. | 7.5 |
2001-09-19 | CVE-2001-0962 | IBM | Unspecified vulnerability in IBM products IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. | 7.5 |
2001-09-23 | CVE-2001-1034 | Freebsd | Unspecified vulnerability in Freebsd 4.4 Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. | 7.2 |
2001-09-22 | CVE-2001-0955 | Xfree86 Project | Denial of Service vulnerability in Xfree86 Project X11R6 4.0/4.0.1/4.0.3 Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. | 7.2 |
2001-09-20 | CVE-2001-0701 | SUN | Buffer Overflow vulnerability in Solaris PTExec Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument. | 7.2 |
2001-09-20 | CVE-2001-0699 | SUN | Buffer Overflow vulnerability in SUN Sunos 5.8 Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument. | 7.2 |
2001-09-20 | CVE-2001-0507 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Services 5.0 IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. | 7.2 |
2001-09-20 | CVE-2001-0506 | Microsoft | Buffer Overrun Privelege Elevation vulnerability in Microsoft products Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. | 7.2 |
37 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-09-21 | CVE-2001-1023 | Xcache Technologies | Path Disclosure vulnerability in Xcache 2.0/2.1 Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. | 5.0 |
2001-09-20 | CVE-2001-1018 | Lotus | Unspecified vulnerability in Lotus Domino 5.0.8 Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. | 5.0 |
2001-09-20 | CVE-2001-0710 | Freebsd Netbsd | NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool. | 5.0 |
2001-09-20 | CVE-2001-0709 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Server Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | 5.0 |
2001-09-20 | CVE-2001-0708 | Denicomp | Denial-Of-Service vulnerability in Rexecd Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string. | 5.0 |
2001-09-20 | CVE-2001-0707 | Denicomp | Denial-Of-Service vulnerability in RSHD Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514. | 5.0 |
2001-09-20 | CVE-2001-0705 | Arcadia | Unspecified vulnerability in Arcadia Internet Store 1.0 Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument. | 5.0 |
2001-09-20 | CVE-2001-0703 | Arcadia | Denial of Service vulnerability in Arcadia Internet Store 1.0 tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. | 5.0 |
2001-09-20 | CVE-2001-0698 | Netwin | Information Disclosure vulnerability in Netwin SurgeFTP Server Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command. | 5.0 |
2001-09-20 | CVE-2001-0697 | Netwin | Unspecified vulnerability in Netwin Surgeftp 1.1H NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command. | 5.0 |
2001-09-20 | CVE-2001-0696 | Netwin | Denial of Service vulnerability in Netwin SurgeFTP Server MS-DOS Device Name NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con. | 5.0 |
2001-09-20 | CVE-2001-0695 | Texas Imperial Software | Denial-Of-Service vulnerability in Texas Imperial Software Wftpd 3.00R5 WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\). | 5.0 |
2001-09-20 | CVE-2001-0693 | Webtrends | Unspecified vulnerability in Webtrends products WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20). | 5.0 |
2001-09-20 | CVE-2001-0688 | Transsoft | Buffer Overflow vulnerability in TransSoft Broker CWD Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . | 5.0 |
2001-09-20 | CVE-2001-0687 | Transsoft | Directory Traversal vulnerability in TransSoft Broker FTP Server Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename). | 5.0 |
2001-09-20 | CVE-2001-0684 | Netscape | Unspecified vulnerability in Netscape Collabra Server 3.5.2/3.5.4 Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service by sending seven or more characters to TCP port 5239. | 5.0 |
2001-09-20 | CVE-2001-0683 | Netscape | Unspecified vulnerability in Netscape Collabra Server 3.5.2/3.5.4 Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238. | 5.0 |
2001-09-20 | CVE-2001-0681 | QPC Software | Denial-Of-Service vulnerability in QPC Software QVT NET and QVT Term Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a remote attacker to cause a denial of service via a long (1) username or (2) password. | 5.0 |
2001-09-20 | CVE-2001-0680 | QPC Software | Directory Traversal vulnerability in QPC QVT Suite FTP Server Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command. | 5.0 |
2001-09-20 | CVE-2001-0677 | Qualcomm | Unspecified vulnerability in Qualcomm Eudora 5.0.2 Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user. | 5.0 |
2001-09-20 | CVE-2001-0676 | Ritlabs | Directory Traversal vulnerability in The Bat Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment. | 5.0 |
2001-09-20 | CVE-2001-0675 | Ritlabs | Unspecified vulnerability in Ritlabs the BAT 1.51 Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>. | 5.0 |
2001-09-20 | CVE-2001-0674 | Robtex | Directory Traversal vulnerability in Viking Server 1.0.4/1.0.6/1.0.7 Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. | 5.0 |
2001-09-20 | CVE-2001-0659 | Microsoft | Buffer Overflow Denial of Service vulnerability in Microsoft Windows 2000 IrDA Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet. | 5.0 |
2001-09-20 | CVE-2001-0650 | Cisco | Denial of Service vulnerability in Cisco IOS 11.2/11.3/12.0 Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. | 5.0 |
2001-09-20 | CVE-2001-0649 | Apple | Denial-Of-Service vulnerability in Apple Personal web Sharing 1.5.5 Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request. | 5.0 |
2001-09-20 | CVE-2001-0648 | Phprojekt | Unspecified vulnerability in PHProjekt 2.0/2.0.1/2.1 Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module. | 5.0 |
2001-09-20 | CVE-2001-0646 | Maxum Development Corporation | Remote FTP Server DoS vulnerability in Maxum Development Corporation Rumpus FTP Server 1.3.2/1.3.4/2.0.3Dev Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length. | 5.0 |
2001-09-20 | CVE-2001-0546 | Microsoft | Denial of Service vulnerability in Microsoft ISA Server 2000 Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. | 5.0 |
2001-09-20 | CVE-2001-0543 | Microsoft | Memory Leak vulnerability in Microsoft Exchange Server, Windows 2000 and Windows NT Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. | 5.0 |
2001-09-20 | CVE-2001-0509 | Microsoft | Improper Input Validation vulnerability in Microsoft products Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. | 5.0 |
2001-09-20 | CVE-2001-0508 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. | 5.0 |
2001-09-20 | CVE-2001-0691 | University OF Washington | Buffer Overflow vulnerability in Imapd 'Local' Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations. | 4.6 |
2001-09-20 | CVE-2001-0686 | SUN | Buffer Overflow vulnerability in SUN Solaris 5.8/8.0 Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable. | 4.6 |
2001-09-20 | CVE-2001-0678 | Trend Micro | Unspecified vulnerability in Trend Micro Interscan Viruswall and Interscan Webmanager A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to execute arbitrary code. | 4.6 |
2001-09-20 | CVE-2001-0653 | Sendmail | Unspecified vulnerability in Sendmail Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number. | 4.6 |
2001-09-20 | CVE-2001-0641 | Immunix Redhat Suse | Heap Overflow vulnerability in Man -S Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. | 4.6 |
6 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2001-09-20 | CVE-2001-0685 | Thibault Godouet | Symbolic Link vulnerability in Thibault Godouet Fcron Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file. | 2.6 |
2001-09-18 | CVE-2001-1353 | Aladdin Enterprises | Unspecified vulnerability in Aladdin Enterprises Ghostscript ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. | 2.6 |
2001-09-20 | CVE-2001-1029 | Openbsd Freebsd | libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. | 2.1 |
2001-09-20 | CVE-2001-0706 | Maxum Development Corporation | Stack Overflow DoS vulnerability in Rumpus FTP Server Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders. | 2.1 |
2001-09-20 | CVE-2001-0642 | Incredimail | Directory Traversal vulnerability in Incredimail 2.0 Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. | 2.1 |
2001-09-20 | CVE-2001-0547 | Microsoft | Denial of Service vulnerability in Microsoft ISA Server 2000 Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). | 2.1 |